feat-dev
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill instructions describe a legitimate software development process including design, testing, and implementation using standard local tools. No malicious patterns or security vulnerabilities were detected.
- [COMMAND_EXECUTION]: The skill utilizes shell commands for building, type-checking, and bundling the local project.
- Evidence: The workflow includes commands
npm run build,npm run typecheck,npm run bundle, andnode dist/cli.js(SKILL.md). - [PROMPT_INJECTION]: The workflow involves ingesting data from external sources such as project issues and documentation, which creates a surface for indirect prompt injection.
- Ingestion points: Project documentation, GitHub issues, and source code files (SKILL.md).
- Boundary markers: None explicitly defined to separate untrusted content from instructions.
- Capability inventory: Execution of local build and test scripts via npm and Node.js (SKILL.md).
- Sanitization: No sanitization steps for external data are described.
Audit Metadata